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Cross-Reference to Relatied Applications 

This is a continuation-in-part of applications Serial No. 08/205,885, filed 
March 3, 1994; now abandoned; Serial No. 08/393,493, filed February 24, 1995; 
Serial No. 08/410,318, filed March 24, 1995; now abandoned; Serial No. 
10 08/453,393, filed May 30, 1995, issuing October 26, 1999 as United States 
Patent No. 5,973,731; and Serial No. 09/020,456, filed February 9, 1998, the 
disclosures of which are hereby specifically incorporated herein by reference. 

1. Field of the Invention 

The present invention relates generally to the field of secure identification 
15 systems, and, more particularly, to the communication of digital images from a 
centralized server computer to a plurality of client data terminals located at 
remote sites, for the purpose of providing visual identification and confirmation of 
subject individuals or product items. 

2. Background of the Invention 

20 Many identification systems are described in the art, and the 

methodologies of these approaches cover a wide range of techniques. In some 
cases, a photograph of a subject or his fingerprint pattern is affixed to an 
identification card, usually as part of a tamper-resistant assembly. In other 
approaches, various methods are employed for storing image or password 

25 information in a magnetic stripe or in an optically encoded image or pattern 



which is physically part of the identification card. Still other approaches utilize a 
"smart card" having its own semiconductor memory and/or microprocessor 
capability for information storage. Each of these techniques is effective for 
specific applications, but in each case the security carries a high cost, either in 
5 expense for the materials involved, the complexity of the assembly process for 
the identification card, or the repetitive cost of applying the method to a plurality 
of individual identification cards utilized for different circumstances. In addition, 
since a major part of the identification information is carried in the physical 
identification card itself, it is subject to tampering, alteration, or replication if it 
10 falls under the control of an unauthorized user. 

Summary of the Invention: 

The present invention overcomes the limitations of the systems of the 
prior art by utilizing a separate, centralized database to store data-compressed 
images of the subject individuals or items, and subsequently downloading the 

15 data-compressed images to local data terminals, on demand, at the time of the 
identification event or transaction. Because the image information is not stored 
within the identification card itself, it is not subject to alteration or replication by 
an unauthorized user, and the use of encryption techniques makes the image 
information useless if the data signals are intercepted. In addition, a plurality of 

20 identification cards or customer accounts may be associated with a single image, 
as, for example, all of the credit cards owned by a single individual, or the 
separate checking and savings accounts for an individual. In the case of a credit 
card, images for both a husband and a wife could be associated with an 
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individual card or a plurality of cards; similarly, an image for a child having 
authorization to use a card could be associated with that card, and, if desired, 
could be assigned a different credit limit. The image may include a copy of the 
authorized signature, or the signature may be provided as a separate image file, 
5 which then could be used by the transaction terminal to compare to a scanned 
image of the signature on the authorization slip or the input of a "pen" computer 
or pressure-sensitive pad. Additional information, such as the Social Security 
Number or the mother's maiden name for the cardholder may be used to 
augment these security measures. 

10 In cases in which a user is to be identified although he or she is not 

physically present at the transaction terminal, as, for example, when products 
are ordered by telephone using a credit card, the terminal operator would be able 
to accomplish a partial identification by using the image to compare the physical 
appearance in the image to the details supplied by the customer in response to 

15 operator questions. Alternatively, the customer could choose a distinctive image, 
such as a corporate logo or a picture of an animal or a special article as his 
confirmation symbol, and the operator would expect the customer to validate his 
order by describing his confirmation symbol. As a further verification, the 
customer could be required to key in a personal identification number ("PIN") 

20 using his telephone key-pad, which then could be compared to the number 
stored in the central database for each credit card; in an alternative embodiment, 
this PIN number could serve as the decryption key for the image file presented to 
the operator. In the future, when video-phones become available generally, it 
will be possible to perform this identification process visually; in addition, the use 



of "pen" computer units would allow a customer to transmit his authorization 
signature directly to the transaction terminal. 

As image recognition systems become more reliable, many of these visual 
identification steps may be automated. In this case, it will be desirable to provide 
5 video camera facilities at the transaction terminals, so that the image of the 
purchaser may be captured at the time of the transaction. If desired, such an 
image could be uploaded to the transaction computer to provide a record of the 
identity of the purchaser in a particular transaction. 

In actual implementation, the image information may be relayed to the 
10 transaction terminal through a central transaction computer, such as those 
utilized by current credit card clearing houses. As an alternative, the image 
database computer could serve as the gateway to the central transaction 
computer, by relaying the financial information to the central transaction 
computer. In this case, it would be somewhat less complicated to maintain a 
15 record of the image of the purchaser, as this image database computer would be 
optimized for image handling and storage. 

At the remote transaction terminal location, it would be advantageous to 
integrate the video display capabilities into a single unit which also provided the 
data-input and cash-register facilities. Where this is not feasible, an analogous 
20 data-communications path would be utilized, with a separate video display unit 
situated at the transaction terminal location. 

In some applications, it may be desirable to provide a local image 
database, as, for example, of regular customers at a particular retail store. 
Although this reduces the level of security available, it would speed 



communications and decrease the on-line time for the centralized computer 
database. In addition, it would allow verification of the identity of the customer, 
without the need to communicate with the central database computer. 
Furthermore, a local database may provide additional data management 
5 capabilities, even if not all of the information related to the item resides within the 
local database: for example, the local database may store an encrypted image, 
while the decryption key is provided from the central database. 

When implemented in a typical sales operation, image records 
representing the individual products optionally may be stored in a local database, 

10 such that as a product price tag is scanned at the check-out register, an image of 
the product is relayed from the database computer to the check-out register 
transaction terminal so that the identification of the product may be verified by 
visual comparison with the image displayed on the transaction terminal, thereby 
confirming the accuracy of the scan and preventing a customer from placing the 

15 price tag of a less expensive product on a more expensive product. 

In a law-enforcement environment, a police officer who has stopped a 
suspect vehicle could download an identification picture of the registered owner 
before approaching the vehicle, thereby giving him the advantage of knowing in 
advance the physical appearance of the presumed driver. For subjects taken 

20 into custody, the identifying image would allow rapid identification of the 
individual, and would inhibit accidental release due to errors in identification. For 
Immigration Department officials, downloaded images would allow verification of 
the identity of subjects presenting passport credentials. 
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In a banking environment, an image of the customer at an ATM terminal 
could be compared to a downloaded image to verify the identity of the customer. 
Several systems for automatic image recognition are presently available, with 
recognition rates varying from 95% to over 99%, depending on the strictness of 
the comparison. For in-person banking transactions, images of the subject 
person may be maintained in a local database, optionally storing these images in 
encrypted form, with the decryption key downloaded from the central database; 
this would enable a teller to verify the identity of a banking customer, by making 
the image of that customer available on the transaction terminal screen. In 
addition, an image may be taken of the subject person or their signature at the 
time of the transaction, and associated with the transaction, in order to 
memorialize the participants in the event; this image may be uploaded to the 
central database computer and stored in a separate transaction database. 

In a business environment, any type of legal document, such as a 
contract, may be secured by associating the document with a particular 
identifying image, much in the same way as Notary Public procedures are 
employed today. Images of the principals may be deposited in a special image 
archive facility, for later retrieval in the event of any dispute. 

The original identification images would be entered from a banking 
institution or a retail site of the entity issuing the identification card. After the 
subject image has been captured, using either a still video camera, a motion 
video camera, or a scanned photograph, the image is data-compressed, 
encrypted, and transmitted to the central image database. Once it has been 
included in the image database, the image for a particular subject may be 



associated with as many different identification cards, credit cards, or customer 
accounts as desired, and made available to any number of transaction 
computers, which may be representative of a plurality of independent transaction 
systems. Preferably, a scanned image of the signature of the subject would be 
5 included, and associated with the subject image file, along with any other 
identification data, such as the Social Security Number or a special password. 

In an alternative embodiment, the identification image may be stored in 
encrypted form within the identification card, with the decryption key provided 
from the central database computer at the time of the transaction. 
10 In a further alternative embodiment, a portion of the image may be stored 

within the identification card, with the remaining portion provided from the central 
database computer. Either or both portions may be in encrypted form, with 
decryption key or keys supplied from either the identification card or the central 
database computer. One possible embodiment would provide the decryption key 
_ 15 for the local portion from the central database computer, and the decryption key 
for the portion provided by the central database computer from the local source 
identification card. 

In yet another alternative embodiment, the image may be stored on the 
central database computer in encrypted form, while the identification card 
20 provides the decryption key. 

Brief Description of the Drawings 

Figure 1 is a block diagram depicting the hardware components for 
uploading image identification information in the preferred embodiment. 
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Figure 2 is a block diagram depicting the hardware components for 
downloading image identification information in the preferred embodiment. 

Figure 3 is a block diagram depicting the various formats of image data 
compression utilized for local data security and for the control of the transmission 
5 of images between remote sites. 

Detailed Description of the Preferred Embodiment 

The present invention takes advantage of computer networking, 
computer-based communication, client-server architecture, and relational 
databases in order to implement a new and unique system for secure 

10 identification and communication. Background information is available through 
the Bijnagte (US Pat. No. 5,235,680) and Sibley, Jr. (US Pat. No. 4,677,552) 
references, and also through descriptions of computer network operating 
systems (such as Novell NetWare, UNIX, or Microsoft Windows NT-Server), for 
communications protocols (such as TCP/IP or IPX), or for communications links 

1 5 (X.25, ATM, ISDN, or T1/T3 lines). 

For the purpose of this disclosure, it should be understood that the term 
"item" is intended to refer to any product (new or used), any service, or any 
person to be listed within the database of this invention, and for which or whom 
image information is available for display based on a specific request. Broadly, 

20 the system may be used in conjunction with individuals or products which may be 
identified by comparison of the subject item with a pre-existing image previously 
entered into the central database. 



Figure 1 shows the organizational structure of one of the typical remotely 
located clients forming part of a client/server system architecture in accordance 
with the invention. At the option of the system designers, a personal computer 2 
maintains, on its disk storage facilities, a local database 4 of items or people to 

5 be listed within the system. As these items, products, or people are identified, 
the characteristics of each are entered into the local database, employing 
conventional user interfaces such as the keyboard and "mouse" (not shown) 
provided with the personal computer. 

Images related to these items are then associated with the items in the 

10 database record, using the photographic image scanner 6 or the digital still-video 
camera 8. Other possible sources could include analog still or motion video 
sources 10, providing signals to be digitized by a digitizer-plug-in-board installed 
within the PC (not shown), or digitized video signal materials provided from other 
sources. After the images have been input to the PC, they preferably are data- 

15 compressed for storage on the interna! hard-disk provisions included with the 
PC, at the option of the system designers; this process is discussed in further 
detail below. For convenience, a printer 24 is provided to prepare hard-copies of 
the subject images, including associated images such as the scanned signature 
of the subject, with or without additional text information. In addition, the printer 

20 may be used to provide a hard-copy record of any transaction performed at the 
terminal. 

In many cases, the image of a particular item or individual may be 
deemed to be useful for local identification, and the manager of the item may 
choose to keep the item within his local database rather than to list it on the 



central database, thereby providing information for local use or to decrease the 
duration of transactions by eliminating the need to download the image of a 
subject. In this case, no further steps will be required, as there is no 
communication with the central database computer. However, if the item is to be 
listed on the central database, the following steps are executed. 

The client PC 2 is equipped with a modem 12 for data communication to 
the central database computer over telephone lines 14. Typically, this modem 
will be capable of operation at least at 14.4 KBaud; however, 56 KBaud or faster 
modems, dedicated communication links, ISDN (Integrated Services Digital 
Network), or DSL (Digital Subscriber Line) communication links may be 
implemented, with progressively higher performance. This communication link 
14 is connected via one of a plurality of available modems 16, or by appropriate 
communication link, to a network-remote-node communications server 20. 
Hardware to effect this type of communications link at the communications 
server site is readily available from manufacturers such as Digi International or 
USRobotics. 

As an alternative to modem 16, connection to this communications server 
may be achieved via a wide-area-network (WAN) access provider, such as an 
Internet access provider, through appropriate network gateway hardware 28. In 
such a case, the gateway communications link may be implemented via ISDN or 
DSL lines, dedicated communications lines, T1/T3 service, or satellite links. In 
alternative implementations, the network gateway hardware and communication 
link may be implemented at a different point in the server site, such as in a 
device directly connected to the local network bus 50 (described herein below) or 

10 



as interfaced directly to the database file server 30 (described herein below). 
Where a network of server sites is implemented, this communication link, or a 
separate similar link (not shown), would enable the various server sites to 
communicate with each other, or with other computer facilities outside of the 
network. In practice, a plurality of communications servers may be required at 
each site, depending on the capabilities of the communications server hardware 
20, the number of simultaneous active clients to be served, and the type of 
communication links established by the clients. 

Upon log-on by the client PC, the communications server 20 preferably 
first authenticates the user by way of known security measures included in 
typical multiple-access computer systems, and optionally may also verify the 
Caller ID signal transmitted by the telephone system, as currently available in 
most communities throughout the United States. Alternatively, the 
communications link path may include a "security host" computer 18, such as the 
model ACM 400 offered by Security Dynamics, interposed between the modem 
16 and the communications server 20. This computer checks for the presence 
of a particular hardware security key installed at the client PC, as further 
described below in reference to Figure 3. Upon authentication, any updates in 
software optionally may be downloaded automatically to the client PC. In some 
cases, it may be necessary to check the client PC to confirm the presence of 
certain hardware, or to verify that a correct version of software is currently in use. 
This may be determined by way of specialized systems management software 
available for many network operating systems, or by programming the client PC 
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to automatically provide this information to the communications server as part of 
the log-on procedure. 

The communications server is connected to a local network bus 50, which 
may be implemented using any of the many well-known architectures, including 

5 Ethernet, Fast-Ethernet, or Token-Ring. Also connected to this network bus is 
the database file server 30, which maintains the database records and manages 
the image storage processes. The database file server is equipped with a 
Random Array of Inexpensive Disks (RAID)-based mass-storage system 32, 
which holds all the data records in the central relational database 38. In 

10 addition, this server system includes a tape-drive back-up unit 34, and optionally 
may include provisions for an optical-disc "jukebox" unit 36 to extend data 
storage capabilities. Networks of this type are compatible with various operating 
systems, including UNIX, Novell NetWare, or Microsoft Windows NT-Server, 
although the system selected should support access for multiple remote clients. 

15 Images associated with the relational database 38 are stored on an image 

file server 40, also connected to the network bus 50. This file server is equipped 
with a RAID-based mass-storage system 42, which holds all the image records in 
the image database 48. In addition, the image server is equipped with a tape- 
drive back-up unit 44, which optionally may include provisions for its own optical- 

20 disc "jukebox" unit 46 to extend image storage capabilities. 

For data entry, the descriptive records for the specific items are stored in 
the relational database file server 30, while the associated images are uploaded 
for storage on the image file server 40. In operation, the storage locations of the 
associated image files managed by the image file server are referenced by the 

12 



database file server, and provided as requested by the client through the 
communications server 20. The actual images may be stored as "pages" within 
an image compilation file, and may include one or more "thumbnail" or reduced- 
size images, which may or may not be illustrative of particular full-size images, 
5 and which may be transmitted quickly to give an over-view of the item. 
Alternatively, the images could be organized with a primary image file (with or 
without an associated reduced-size image) and one or more secondary image 
files containing multiple image pages, with or without reduced-size images. In 
the latter situation, the user would first request the download of the primary 

10 image file for an item, and then, if desired, would have the option of also 
downloading one or more of the secondary image file, in order to obtain further 
information about that particular item. All data files and images files may be held 
in the active (RAM) memory, or off-loaded to the local hard-drive of the client PC, 
so that they may be reviewed and compared by the operator as desired, without 

15 further communication activities. In client PCs having multi-tasking capabilities, 
the downloading process may continue as a background task, while the operator 
examines the material that has already been received and, as necessary, 
decrypted, as a foreground task. In this way, the operator need not wait until all 
of the data has been downloaded before beginning the examination of the 

20 materials transmitted. 

In a typical operation, the client will upload information relating to specific 
items, which then are stored by the database file server. Based on the item 
storage by the database file server, the client then may request that selected 
images be uploaded to the image file server. This technique allows each of the 



system components — communications server, relational database file server, 
and image file server— to be optimized for its specific application. However, 
depending on the particular application, database size, and communications 
traffic, one or more of these functions may be combined, such that in some 
cases a single server system may provide all of the required functions; this could 
include both the database file server function and also the image file server 
system, such that both kinds of data optionally may be stored in the same 
database, or even within the same record. In other cases, multiple servers may 
be required for one or more of these functions, each of them connected to the 
local network bus 50. 

The steps involved in an identification event or transaction will be 
understood with reference to Figure 2. In many respects, the system 
architecture is equivalent to that of Figure 1, except that the flow of image file 
information generally is in the opposite direction. It will be appreciated that many 
of the details of the data communications and system architecture will function in 
identical ways, and therefore the reader is referred to these discussions herein 
above. In a typical identification event, a subject will present an identification 
card (I.D. card) for verification at the event site. The actual scanning device 106 
may be implemented as a magnetic stripe reader, optical reader, or pattern 
recognition unit. This scanning device will retrieve identification information from 
this I.D. card which is representative of the subject, and communicate it to the 
transaction terminal 102. In practice, this unit may be as simple as a credit card 
reader, or as complex as a PC which is part of a sophisticated computer 
network. For the purpose of this discussion, the function of the transaction 

14 



terminal will be explained with the understanding that it is a remote client PC 
connected to the central database server. 

The remote client PC 102 may be utilized as part of a product UPC-code 
scanner or optical character reader system which interprets product tags. As an 
5 option, a local database 104 may be maintained on this PC, such that when a 
particular product tag is scanned, an image of the correct product item is 
presented on the video display 124. In an alternative implementation, this 
database would maintain identification images of the subjects, such as images of 
regular customers at a bank or retail store. When any input of product 

10 information has been completed, the primary identification event or transaction 
may be effected. In a banking environment, this could be part of a financial 
transaction, such as an account deposit or withdrawal; in a retail operation, this 
would correspond to a credit card transaction or a payment for goods by check. 
When the I.D. card is scanned, the information is communicated through the 

15 modem 1 12 to the telephone line or communications link 114 and on to one of a 
plurality of modem units 116. As explained herein above, the system optionally 
may include a security host computer 118 interposed between the modem 116 
and the communications server 120. 

The communications server 120 is connected to a local area network 150, 

20 typically implemented using one of several forms of Ethernet. Also connected to 
this network bus is a transaction file server 130, which maintains a transaction 
database 138 containing information used to identify any verification passwords 
and the storage locations of the associated image files. This transaction file 
server is equipped with a RAID-based disk storage unit 132 and a tape drive 134 



for data back-up. As an option, this server also may be equipped with an optical- 
disc jukebox 136 for additional storage capacity. 

Images associated with the relational database 138 are stored on an 
image file server 140, also connected to the network bus 150. This file server is 
5 equipped with a RAID-based mass-storage system 142, which holds all the 
image records in the image database 148. In addition, the image server is 
equipped with a tape-drive back-up unit 144, which optionally may include 
provisions for its own optical-disc jukebox unit 146 to extend image storage 
capabilities. 

10 In response to an identification event or transaction, the client PC will 

download information related to the subject, which previously has been stored on 
the database file server. In addition, the client then may download selected 
images from the image file server, including both identification images and also 
associated images, such as images of the signature of the subject. This 

15 technique allows each of the system components — communications server, 
relational database file server, and image file server — to be optimized for its 
specific application. However, depending on the particular application, database 
size, and communications traffic, one or more of these functions may be 
combined, such that in some cases a single server system may provide all of the 

20 required functions; this could include both the database file server function and 
also the image file server system, such that both kinds of data optionally may be 
retrieved from the same database, or even from within the same record. In other 
cases, multiple servers may be required for one or more of these functions, each 
of them connected to the local network bus 150. In addition, depending on the 



overall architecture of the system, the various communication servers 20 and 
120, and file servers 30, 40, 130, and 140, may be combined or separated as 
necessary to match the demands of the communication load, convenience, 
economy, or the like. 

It is anticipated that in some cases the client PC or transaction terminal 
will not have the required windowing capabilities, and will only process textual 
information. In these cases, there will be no uploading or downloading of images 
to this client, and all database services will be confined to the relational database 
file server. 

In some applications, it may be necessary to control the access to the 
databases, so that certain clients may upload items for inclusion into the 
database, but downloading to certain other clients is prohibited, or restricted to 
specific clients (such as government authorities or police units) for reasons of 
security or privacy, as discussed below. 

Figure 3 shows the inter-relationship between the various file formats for 
images stored locally at client PCs, transmitted to or from the server image 
database, or transmitted between remote client sites. A client PC, shown 
generally at 60, optionally may maintain a local database 62 which includes 
image files associated with particular items. These files are encrypted by any of 
several available techniques, including commonly utilized formats for data 
encryption or by custom modification or encryption of the file header information 
so as to link the files themselves with the password character sequence 
contained inside a hardware security key. In typical usage, this hardware key 
consists of a limited number of storage cells in an EEPROM, which have been 

17 



programmed with a unique sequence of characters. Only a computer having this 
particular security key attached to the parallel interface connector is able to 
decrypt the image files and reconstruct the image; this encrypted format is 
designated as the "L" or "Local" format for the purposes of this discussion. This 
5 security also may be used to control the permissions for access to the network 
server computers, to uniquely identify the client-PC station, or to provide 
information (possibly including dial-up telephone numbers or TCP/IP network 
address settings) which may be needed to complete the communications path. 
In practice, the actual data compression methods employed could include 

10 the industry standard JPEG format, Lead Technologies "cmp" format, Iterated 
Systems "fractal compression", "wavelet compression", or other proprietary or 
commercially available techniques. Compression ratios on the order of 30:1 or 
more preferably are employed, thereby producing image files of approximately 
10 KBytes or smaller in size. It would be particularly advantageous to utilize a 

15 compression technique which is resolution-independent (such as fractal 
compression) which produces very compact image data files that may be re- 
sized to match the video display interface hardware in the client PC. In addition, 
selected image files 64 to be uploaded to the image file server and designated 
as "T" or "Transmitted" format are created by modifying the internally stored L- 

20 format files, utilizing formatting methods similar to those discussed above for 
encrypting without hardware security keys. Alternatively, the use of "public" keys 
with "private" keys may be implemented, as well established in the art of secure 
encrypting of data transmissions, and following standards such as the DES (Data 
Encryption Standard) developed for the U.S. Government, or the MD5 system 
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offered by RSA Security, Inc. Similarly, image files 66 downloaded from the 
image file server are encrypted in "R" or "Received" format, which may be 
distinct from either the "T" format or the local "L" format. These files are 
decrypted upon receipt, and may be converted into the normal L-format utilized 

5 for the local client PC database. 

A second client PC is shown generally at 70. This second client PC also 
may maintain a local database, but, because of the security techniques 
described herein above, the image file storage format is distinct from the format 
of the first client PC, and is designated as L*. In addition, the second client PC 

10 has provisions for uploading, downloading, and converting image files in the R 
and T formats described in reference to the first client PC. 

If an attempt is made to transmit or transfer a file directly from one client 
PC site to another (or to a client PC not legitimately a part of the system), the 
images will be unusable, because the L-format images cannot be decrypted by 

15 an LMormat client PC, or any other PC which does not have the proper 
hardware security key, and the Client PCs may not have provisions for 
converting T-format images into usable form. In order to allow files to be 
exchanged and viewed by other client PCs or users, the image file server, shown 
generally at 80, may perform this conversion step, or alternatively this step may 

20 be performed by the transmitting PC as part of the upload process. Image files 
uploaded by client PCs in T-format are received at step 82, and may be 
converted at step 84 to the R-format. At this time, files optionally could be 
converted from one image data compression scheme (for example, by LEAD 
Technologies) to a different image data compression scheme (for example, 



fractal compression by Iterated Systems) to save local storage space and 
communication costs and time during image downloading procedures, in many 
cases, sophisticated hardware-assisted image processing (such as the step of 
fractal image compression) are expensive to implement on a client-PC-wide 
basis, but would be economically feasible at a central database site. At step 86, 
the R-format image files may be transmitted to any other client PC site on the 
network. It should be understood that the image files may be stored in T-format 
and converted at the time of transmission, or converted to R-format at time of 
receipt and storage; alternatively, the files may be stored in a third format which 
may be incompatible with either R- or T-format files. As a further alternative, the 
files may be converted to either the R-format or this third format by the 
transmitting PC 60 at the time the files are uploaded to the server, rendering it 
unnecessary for the server to perform this step. Figure 3 indicates compatible 
image file transmissions as solid lines, and incompatible image file transmissions 
as dashed lines. 

In an alternative embodiment, the security issue may be handled in a 
different manner, either by including a decryption key within the identification 
credentials (such as a credit card magnetic stripe) to enable the local data 
terminal to decode a downloaded picture which has been encoded to match that 
particular decryption key, or by including the encrypted picture in the 
identification card itself, in which case only the particular decryption key need be 
downloaded to the local data terminal. 

In another alternative embodiment, a portion of the image may be stored 
within the identification card, with the remaining portion provided from the central 
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database computer. Either or both portions may be in encrypted form, with 
decryption key or keys supplied from either the identification card or the central 
database computer. One possible embodiment would provide the decryption key 
for the local portion from the central database computer, and the decryption key 
5 for the portion provided by the central database computer from the local source 
identification card. 

Many possible applications in identification of people readily will be 
appreciated, including secure identification for credit card, check-writing, ATM, or 
other financial and retail transactions; identification for law-enforcement or 

10 Immigration-control agencies; identification of patients in a medical environment; 
and any activity for which positive identification is essential, including those 
activities for which Notary Public services currently are employed. For retail 
applications, product images retrieved from a local or global database may be 
used by sales clerks to verify the pricing or attributes of a particular item, by 

15 making this information available at checkout-cashiers' stations, or at customer 
service stations throughout the store. In addition, many of the human 
identification services to be performed may be automated, using computer- 
based image recognition techniques, such as the Photobook system offered by 
Facia Reco Associates, or the TrueFace system offered by Miros. Based on the 

20 stringency of the testing criteria, recognition rates for these systems in different 
applications varying from 95% to 99.9% have been achieved. A further feature 
of the system is the ability to associate a single identification image with a 
plurality of accounts, transactions, or records, thereby reducing the data storage 
requirements for images. 
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In addition, multiple images may be associated with a single record or 
account, thereby providing additional identification images for the subject item, or 
images of additional subject items to be associated with the same record, set of 
accounts, transactions, or subset of accounts. 

Having thus described the invention, i claim: 
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CLAIMS 



1 . A method of providing secure interactive communication of textual 
5 information and image data between a central server computer and one or more 
client computer terminals, located at remote sites, for the purpose of storing and 
retrieving files describing and identifying unique products, services or individuals, 
the steps of the method comprising: 

separately storing textual information and image data from one or more of 
10 the remote terminals at the location of the central server computer with the 
image data being in compressed form and the textual information being included 
in a relational database with identifiers associated with any related image data, 

associating for independent retrieval at the central computer the image 
data and the textual information, 
15 receiving and processing at the central computer single, multiple and 

simultaneous requests for identification confirmation received from at least one 
of the remote terminals, 

recalling and downloading textual information and/or image data 
requested from the at least one of the remote terminals to the requesting 
20 terminal for review, and 

comparing the textual information and image data downloaded at the 
requesting terminal with a product, service or individual to be identified. 
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2. The method as claimed in Claim 1 , wherein the step of associating 
includes assigning at least one unique identification number to the image data of 
first and second items to be identified, and storing the identification number in 
the central server computer. 

5 

3. The method as claimed in Claim 2, wherein the identification 
number is the personal identification number ("PIN") found on a card, such as a 
phone card, credit card or like card used in financial transactions. 

10 4. The method as claimed in Claim 2, wherein the step of associating 

includes assigning multiple identification numbers to the image data of at least 
one item to be identified and at least one of the identification numbers so 
assigned to the image data of a second item to be identified, and storing the 
multiple identification numbers in the central server computer. 

15 

5. The method as claimed in Claim 2, wherein the first item 
represents an individual to be identified, the individual being physically present at 
and presenting a request for identification at said one of the remote terminals, 
and the image data of the individual being downloaded to said remote terminal 

20 for physical comparison with the individual. 

6. The method as claimed in Claim 5, wherein the second item 
represents a second individual to be identified, the second individual being 
physically present at and substantially simultaneously presenting a request for 
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identification at the same or different remote terminal as that of the first 
individual, and the image data of the second individual being downloaded to the 
terminal from which the image data was requested for physical comparison with 
the second individual. 

7. The method as claimed in Claim 4, wherein the multiple 
identification numbers comprise the personal identification numbers ("PIN") 
found on the respective of different credit cards used in financial transactions. 

8. The method as claimed in Claim 1 , wherein the step of separately 
storing textual information and image data comprises capturing as the image to 
be stored the graphical representation of a unique object, the object being pre- 
selected by an individual and serving as an identifier in lieu of the individual 
being physically present at any of said remote terminals. 

9. The method as claimed in Claim 8, wherein 

the step of recalling includes the individual to be identified not being 
physically present at the remote terminal and using a telephone to call the 
remote terminal for identification confirmation, 

the step of downloading includes downloading the graphical image of the 
unique object, and 

the step of comparing includes the individual satisfactorily describing the 
unique object. 
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10. The method as claimed in Claim 9, wherein 

the step of separately storing textual information and image data includes 
assigning the individual a unique alphanumeric password, and 

the step of comparing includes the individual satisfactorily providing the 
5 alphanumeric password. 

11. The method a claimed in Claim 1, wherein the step of separately 
storing includes formatting the textual information and the image data. 

10 12. The method as claimed in Claim 1 1 , wherein the step of formatting 

comprises encrypting of the textual information and image data. 

13. The method as claimed in Claim 12, wherein the central server 
computer is interfaced with at least one other server computer. 

15 

14. The method as claimed in Claim 2, including the step of encrypting 
the unique identification number of a user, the encrypted number serving as a 
decryption key that would enable only authorized users to complete a 
transaction. 

20 

15. The method as claimed in Claim 14, wherein the steps of 
associating and storing include storing the encrypted image at the remote 
terminal and the decryption key at the central server. 
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1 6. The method as claimed in Claim 1 , wherein the steps of storing and 
associating include storing an identification image in encrypted form within an 
identification card and a decryption key in the central computer. 

5 17. The method as claimed in Claim 1 , wherein the steps of storing and 

associating include storing an identification image in encrypted form on the 
central computer and a decryption key on an identification card presented by a 
user at the remote terminal. 

10 18. The method as claimed in Claim 2, further including 

providing means for encrypting and decrypting said textual and image 

data, the decrypting means being provided on at least one said remote terminal 

and said central computer server, and 

encrypting said personal identification number. 

15 

19. The method as claimed in Claim 13, further including the step of 
uploading the images of the files describing the products, services or individuals 
into the central server computer to create temporary or permanent records. 

20 20. The method as claimed in Claim 1, wherein an image of the 

individual is taken, the image being uploaded to the central server computer and 
stored in a separate transaction database. 
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21. The method as claimed in Claim 1, wherein an image of the 
signature of an individual is taken, the image being uploaded to the central 
server computer and stored in a separate transaction database. 

5 22. The method as claimed in Claim 1 , wherein the step of associating 

includes associating an identification image of a single account, transaction or 
record with a plurality of accounts, transactions, or records. 

23. A method of providing secure interactive communication of text 
10 information between a central server computer and one or more client computer 
terminals, located at remote sites, for the purpose of storing and retrieving files 
describing and identifying an individual, the steps of the method comprising: 

separately storing into the central server computer textual data received 
from a data input terminal into the central server computer, 
15 receiving and processing at the central server computer single, multiple 

and simultaneous requests for identification received from the remote computer 
terminals, at least one request for identification being received from a user 
physically present at a remote terminal, 

recalling and downloading the textual data to the remote computer 
20 terminal that requested the textual data, and 

comparing at the remote requesting computer terminal the textual data 
downloaded thereto from the central server computer with the individual to be 
identified. 
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24. The method as claimed in Claim 23, further comprising 
associating the textual data with at least one computer activation datum, 

which when activated allows access to the database of the central server 
computer, and 

the step of receiving and processing comprises 

activating the requesting computer terminal with an activation card, the 
activation card possessing activation means to activate the computer terminal to 
recall from and download information stored in the central server computer. 

25. A method of identifying a user not physically present at a 
transaction terminal, comprising the steps of: 

providing at least one centralized computer in operative communication 
with and remote to the transaction terminal, the centralized computer and 
transaction terminal each having a memory for storing graphical image files, 

capturing at the transaction terminal user identifying graphical images 
from many different approved users, each of the graphical images being 
selected by and personal to a respective approved user and having at least one 
distinctive feature that the approved user would be required to describe as a 
means of authenticating user identity and verifying that the user is authorized to 
complete a transaction, 

inputting the user identifying graphical images into the memory of the 
transaction terminal and of the centralized computer from said transaction 
terminal, 
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receiving at said transaction terminal a telecommunication request from a 
requestor not physically present at the transaction terminal and requesting 
identification verification and approval to complete a transaction, 

displaying from the memory of one said remote terminal and centralized 
computer the user identifying graphical image corresponding to the requestor, 
and 

receiving from the requestor a description of the distinctive feature 
associated with the graphical image downloaded and approving or rejecting the 
requestor as an authorized user depending on the description given. 

26. The method as claimed in Claim 25, wherein the user identifying 
graphical images are downloaded from the transaction terminal. 

27. The method as claimed in Claim 25, wherein the user identifying 
graphical images are downloaded from the centralized computer. 

28. The method as claimed in Claim 25, further comprising the steps of 
providing a plurality of transaction terminals in operative communication 

with and remote to the centralized computer, and further wherein 

the inputting of graphical images is at a first transaction terminal, 

the receiving of a request for identification is at a second transaction 

terminal, and 

the downloading of graphical images in response to the request is from 
the central computer. 
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29. The method as claimed in Claim 25, wherein the step of capturing 
includes the user providing a unique user identification image, the identification 
image comprising a geometric object, an article, an alphanumeric symbol, a 
password or a picture having special significance known only to the user and 

5 which must be described by the user to gain approval. 

30. An apparatus for authenticating authorized users and approving 
transactions requested by requestors not physically present for visual 
identification, the apparatus comprising: 

10 a data terminal for capturing a graphical image of a confirmation symbol 

selected by a user, the confirmation symbol having at least one unique and 

describable feature, 

a centralized computer for storing the graphical image of the confirmation 

symbol, the computer being at a location remote to the data terminal, 
15 means for receiving an approval request at the data terminal from a 

requestor using a telephone at a location remote to the data terminal, 

means for transferring the graphical image stored in the centralized 

computer to the data terminal, the means for transferring being activated in 

response to the request for approval, and 
20 means for displaying at the data terminal the graphical image downloaded 

from storage in the central computer and corresponding to the requestor, 

whereupon the requestor describes the confirmation symbol to obtain approval of 

the transaction. 
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31 . A secure identification system, comprising 

at least one centralized computer storing a database of compressed 
image files, each image file representing the image of an individual, 

a plurality of remote terminals in operative relation with the centralized 
computer, 

means located at the centralized computer for associating an image 
identifying number with the image file of a first individual and a second individual, 
and 

means located at the site of each remote terminal for downloading and 
displaying at least one of said image files stored in the database in response to 
one of said remote terminals communicating said image identifying number to 
said centralized computer. 

32. The apparatus as claimed in Claim 31, further wherein the 
database includes textual information associated with each image file, the textual 
information comprising a copy of an authorized signature. 

33. The apparatus as claimed in Claim 31 , further comprising 

means located at a remote data terminal for gathering image related 
information for comparison with an image file stored at a centralized computer. 
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Abstract of the Disclosure 

Methods and apparatus are described which provide secure interactive 
communication of text and image information between a central server computer 
and one or more client computers located at remote sites for the purpose of 
5 storing and retrieving files describing and identifying unique products, services, 
or individuals. Textual information and image data from one or more of the 
remote sites are stored separately at the location of the central server computer, 
with the image data being in compressed form, and with the textual information 
being included in a relational database with identifiers associated with any 

10 related image data. Means are provided at the central computer for 
management of all textural information and image data received to ensure that 
all information may be independently retrieved. Requests are entered from 
remote terminals specifying particular subject matter, and the system is capable 
of responding to multiple simultaneous requests. Textural information is recalled 

15 and downloaded for review, along with any subsequently requested image data, 
to be displayed at a remote site. Various modes of data and image formatting 
are also disclosed, including encryption techniques to fortify data integrity. The 
server computers may be interfaced with other computers to effect financial 
transactions, and images representing the subjects of transactions may be 

20 uploaded to the server computer to create temporary or permanent records of 
financial or legal transactions. A further feature of the system is the ability to 
associate an identification image with a plurality of accounts, transactions, or 
records. 
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